Was VersionOne affected by the FREAK SSL/TLS Vulnerability (CVE-2015-0204)?

Background

FREAK (Factoring Attack on RSA-EXPORT Keys, CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export-grade ciphers. An attacker acting as a Man-in-the-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the "FREAK" (Factoring Attack on RSA-EXPORT Keys) attack.

Answer

The VersionOne application was not impacted by the FREAK Vulnerability. Our Content Delivery Vendor, Instart Logic, is also not vulnerable to the FREAK attack as their network is configured to disable these weak encryption protocols. VersionOne also tested and confirmed that all origin servers are not vulnerable to the FREAK attack.
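
One way to check whether a server you operate still negotiates export-grade RSA suites, as an added example (not VersionOne's or Instart Logic's own test procedure): offer only RSA_EXPORT suites in a TLS 1.0 ClientHello and see whether the reply is a ServerHello selecting one of them. The function names and sample replies are constructed for illustration; the three suite IDs are those defined in RFC 2246.

```python
import os
import socket
import struct

# RSA_EXPORT cipher suite IDs defined in the TLS 1.0 specification (RFC 2246).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(suites=RSA_EXPORT_SUITES):
    """Build a TLS 1.0 ClientHello record that offers only the given suites."""
    ids = b"".join(struct.pack("!H", s) for s in sorted(suites))
    body = (b"\x03\x01" + os.urandom(32)          # client_version, random
            + b"\x00"                             # empty session_id
            + struct.pack("!H", len(ids)) + ids   # cipher_suites
            + b"\x01\x00")                        # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def selected_export_suite(response):
    """Name of the RSA_EXPORT suite chosen in a ServerHello record, else None."""
    if len(response) < 44 or response[0] != 0x16 or response[5] != 0x02:
        return None                               # alert, short or non-ServerHello reply
    # Headers (5 + 4), version (2), random (32), length byte, then session_id.
    offset = 44 + response[43]
    if len(response) < offset + 2:
        return None
    (suite,) = struct.unpack("!H", response[offset:offset + 2])
    return RSA_EXPORT_SUITES.get(suite)

def probe(host, port=443, timeout=5.0):
    """Send the export-only hello to a server you operate; classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        try:
            while len(data) < 128:                # enough to cover a ServerHello
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
        return selected_export_suite(data)

# Constructed sample replies (not captured traffic).
_HELLO = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x03" + b"\x00"
SAMPLE_ACCEPTS = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26" + _HELLO
SAMPLE_REFUSES = b"\x15\x03\x01\x00\x02\x02\x28"   # fatal handshake_failure alert
```

A return value of `None` from `probe` means the server did not select an export RSA suite; a server that only accepts newer protocol versions will answer this TLS 1.0 hello with an alert, which is also reported as `None`.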